Hack-proof computer interface

ABSTRACT

A hack-proof computer interface between a public-side operating system and a private-side operating system utilizing a “King&#39;s food taster” approach. A public-side operating system is exposed to the outside world, while a private-side operating system is isolated from the outside world except through the hack-proof interface. This effectively prevents infection of the private-side operating system with viruses or other computer malware from the outside world. The hack-proof interface includes a bitmap-coupled interface, such as a camera capturing a video image of the visible computer screen public-side operating system. A security device, such as a video scrambler or security lens, distorts or decimates the video image sufficiently to prevent active virus code from passing through the bitmap-coupled interface. A user-controlled input interface, such as hardware or software switches, allows a user to selectively direct keyboard and mouse commands to the public-side operating system or the private-side operating system.

TECHNICAL FIELD

The present invention is directed to computer security systems and, more particularly, to a hack-proof computer interface using a public side computer and a private side computer interconnected though a bitmap-coupled interface, a security device, and a user-controlled input interface.

BACKGROUND

The news continually describes computer hacking ranging from massive breaches to “ransom ware” directed at small businesses and individuals. The virus protection keeps blocking the criminals, and the criminals keep finding ways around the virus protection. Some types of protection are expensive, while others required a fairly high level of sophistication to implement and maintain. Those who are on the lower end of the computer sophistication scale are often the most vulnerable. There is, therefore, a continuing need for a hack-proof computer interface that is effective yet easy to use.

SUMMARY

The present invention may be embodied in a hack-proof computer interface that utilizes a public-side operating system exposed to an interconnected network including the Internet, and a private-side operating system that is isolated from the outside world except through a security interface with the public-side operating system. A bitmap-coupled interface provides the private-side operating system with a bit-map video image of a largely visible spectrum computer interface controlled by the private-side operating system. A security device distorts or decimates the video image sufficiently to prevent active virus code from passing through the bitmap-coupled interface in a manner that is imperceptible to a human operator viewing the video image. A user-controlled input interface selectively directs keyboard and mouse commands to the public-side operating system or the private-side operating system. The public-side operating and the private-side operating system may be deployed in separate enclosures or in the same enclosure.

In the event that the user wants to download files from the outside world to be accessed by the private-side operating system, the external files are screened for viruses and quarantined on an external memory, such as a hard drive. Once the file has been opened and sufficient scanning, testing and operations have been performed with the public-side operating system, the external file can be made accessible to the private-side operating system. In a first embodiment, the public-side and private-side operating systems are each deployed in separate computers and the bitmap-coupled interface is a camera positioned to view the computer screen of the public-side operating system. In a second embodiment, the public-side operating system is a smartphone, the private-side operating systems is a separate computer, and the bitmap-coupled interface is a camera extending from a docking station for the smartphone positioned to view the screen of the smartphone. In a third embodiment, the public-side and private-side operating systems are both deployed in a common housing and the bitmap-coupled interface is an electronic LCD-to-CCD interface operating largely in the visible light spectrum. The user-controlled input interface may be one or more hardware switches, wireless switches, or software switches. The public-side operating system may be deployed on an easily removed and replaced PC board allowing for easy replacement in the event of infection.

It will be understood that specific embodiments may include a variety of features in different combinations, as desired by different users. In view of the foregoing, it will be appreciated that the present invention provides an effective yet easy to use hack-proof computer interface. The specific techniques and structures for implementing particular embodiments of the invention and accomplishing the associated advantages will become apparent from the following detailed description of the embodiments and the appended drawings and claims.

BRIEF DESCRIPTION OF THE FIGURES

The numerous advantages of the invention may be better understood with reference to the accompanying figures in which:

FIG. 1 is a conceptual illustration of a first type of hack-proof computer interface where the public-side and private-side operating systems are both deployed on laptop computers.

FIG. 2 is a conceptual illustration of a second type of hack-proof computer interface where the public-side operating system is deployed on a smartphone, and the private-side operating system is deployed on a laptop computer.

FIG. 3 is a conceptual illustration of a third type of hack-proof computer interface where the public-side and private-side operating systems are both deployed on PC boards inside a single enclosure, such as a laptop computer.

DETAILED DESCRIPTION

The embodiments of the invention include any suitable combination of a public-side operating system and a private-side operating system utilizing a “King's food taster” hack-proof interface. This analogy is apt because the private-side operating system effectively uses a potentially sacrificial public-side operating system to interface with the outside world, while the private-side operating system remains protected by only interacting with the outside world through a secure interface with the public-side operating system. The private-side operating system accesses external files only after they have be received and tested by the public-side operating system. In other words, the public-side operating system is exposed to the outside world, while the private-side operating system is isolated from the outside world except through the public-side operating system by way of the hack-proof interface. This effectively prevents infection of the private-side operating system with viruses or other computer malware from the outside world. The hack-proof interface includes a bitmap-coupled interface, such as a camera capturing a video image of the visible computer screen public-side operating system. A security device, such as a video scrambler or security lens, distorts or decimates the video image sufficiently to prevent active virus code from passing through the bitmap-coupled interface. A user-controlled input interface, such as a hardware or software keyboard and mouse switches, allows a user to selectively direct keyboard and mouse commands to the public-side operating system or the private-side operating system. Like “the King's food taster,” any computer infection impacts only the potentially sacrificial public-side operating system exposed to the outside world, while leaving the private-side operating system untouched.

FIG. 1 is a conceptual illustration of a first type of hack-proof computer interface 10 a where the public-side operating system 12 a and the private-side operating system 14 a are deployed on separate laptop computers. A bitmap-coupled interface 11 a protected by a security device 13 a provides a hack-proof interface between the public-side and private-side operating systems. In this example, the bitmap-coupled interface 11 a is an optical camera 16 a operating largely in the visible spectrum capturing a bit-map video image of the display screen on the computer running the public-side operating system 12 a. The computer running the private-side operating system 14 a includes a display screen that selectively views the video image created by the camera 16 a as altered by the security device 13 a. A display, camera or other device should be considered to operate “largely in the visible spectrum” if a portion of the information captured, displayed or transmitted by the device in the visible spectrum is operative to cause human visible images to be displayed by the computer running the private-side operating system 14 a, even if additional information is transmitted outside the visible spectrum, for example in the infrared, ultraviolet or other portion of the electromagnetic spectrum, or through another suitable mode of communication.

The computer running the private-side operating system 14 a also includes the usual input devices illustrated by the keyboard/mouse 17 a in this example. A user controlled interface 15 a, illustrated in this example as two hardware switches in wired connections, allows keyboard/mouse generated by the keyboard/mouse 17 a to be selectively directed to the public-side operating system 12 a or the private-side operating system 14 a. The user controlled interface 15 a also allows executable files to be selectively downloaded from the public-side operating system 12 a to an external hard drive 18 a, where the executable files can be accessed by the private-side operating system 14 a only after the files have been scanned for viruses, opened, and sufficiently tested by the public-side operating system 12 a.

In this embodiment, the camera 16 a feeds the video signal to the computer running the private-side operating system 14 a, where it is selectively displayed on the display screen of the computer running the private-side operating system 14 a. The security device 13 a in this example is a video scrambler that decimates the video image to prevent viruses or other executable code from being transmitted across the bitmap-coupled interface 11 a in a manner that is imperceptible to a human operator viewing the camera feed on the display screen of the of the computer running the private-side operating system 14 a. For example, the video scrambler may randomly flip a small percentage of the bit-map pixels each frame, such as one or two percent of the pixels, where the pixels selected for flipping changes randomly from frame to frame. Many other video scrambler techniques may be used so long as the result prevents viruses or other executable code from being transmitted across the bitmap-coupled interface in a manner that is imperceptible to a human operator viewing the video image at the computer running the private-side operating system.

FIG. 2 is a conceptual illustration of a second type of hack-proof computer interface 10 b where the public-side operating system 12 b is deployed on a smartphone 20, while the private-side operating system 14 b is deployed on a laptop computer. A bitmap-coupled interface 11 b protected by a security device 13 b provides a hack-proof interface between the public-side and private-side operating systems. In this example, the bitmap-coupled interface 11 b is an optical camera 16 b operating largely in the visible spectrum capturing a bit-map video image of the display screen on smartphone 20. The computer running the private-side operating system 14 a includes a display screen that selectively views the video image created by the camera 16 b as altered by the security device 13 b. In this embodiment, the smartphone 20 is supported by a docking station 22, which also supports the camera 16 b in a position where it captures an image of the display screen on the smartphone 20. The docking station 22 provides power to keep the battery of the smartphone 20 charged while keeping the screen display on.

The computer running the private-side operating system 14 b also includes the usual input devices illustrated by the keyboard/mouse 17 b in this example. A user controlled interface 15 b, illustrated in this example as two wireless interfaces controlled by software switches (e.g., “hotkey” keyboard commands), allows keyboard/mouse commands generated by the keyboard/mouse 17 b to be selectively directed to the public-side operating system 12 b running on the smartphone 20 or the private-side operating system 14 b. The user controlled interface 15 b also allows executable files to be selectively downloaded from the public-side operating system 12 b to an external hard drive 18 b, where the executable files can be accessed by the private-side operating system 14 b only after the files have been scanned for viruses, opened, and sufficiently tested by the public-side operating system 12 b.

In this embodiment, the camera 16 b feeds the video signal to the computer running the private-side operating system 14 b, where it is selectively displayed on the display screen of the computer running the private-side operating system 14 b. The security device 13 b in this example is an optical security lens that optically or digitally distorts the video image to prevent viruses or other executable code from being transmitted across the bitmap-coupled interface 11 a in a manner that is imperceptible to a human operator viewing the camera feed on the display screen of the of the computer running the private-side operating system 14 a. For example, the security lens may optically or digitally alter or remove a small percentage of the bit-map pixels each frame, such as one or two percent. Again, other security lens techniques may be used so long as the result prevents viruses or other executable code from being transmitted across the bitmap-coupled interface in a manner that is imperceptible to a human operator viewing the video image at the computer running the private-side operating system 14 a.

FIG. 3 is a conceptual illustration of a third type of hack-proof computer interface 10 c, which is conceptual similar to the first embodiment shown in FIG. 1, except that the public-side operating system 12 c and the private-side operating system 14 c are both deployed on PC boards inside a common enclosure 30, such as a laptop computer. The public-side operating system 12 c may be deployed by a separate microprocessor deployed on a separate PC board that is easily removed and replaced in the event that it becomes corrupted. In this embodiment, the bitmap-coupled interface 11 c may be a tiny LCD to CCD electronic interface operating largely in the visible spectrum, because a human perceptible display screen is not required to transfer bit-map video images between the operating systems in the embodiment. In the future, many personal computing devices may be configured with this type of “King's food taster” dual-operating system configuration to provide increased security that is effective and easy to use for a wide range of computer users.

In this example, a bitmap-coupled interface 11 c protected by a security device 13 c provides a hack-proof interface between the public-side operating system 12 c and private-side operating system 14 c. The bitmap-coupled interface 11 c is this embodiment includes an LCD-to-CCD electronic interface operating largely in the visible spectrum. For example, a tiny CCD chip may capture a bit-map video image created by a tiny LCD chip without the need for a large human-readable computer screen. The computer running the private-side operating system 14 c includes a display screen that selectively views the video image created by the CCD chip as altered by the security device 13 c.

The computer running the private-side operating system 14 c also includes the usual input devices illustrated by the keyboard/mouse 17 c in this example. A user controlled interface 15 c, such as “hot-key” keyboard command, allows keyboard/mouse generated by the keyboard/mouse 17 c to be selectively directed to the public-side operating system 12 c or the private-side operating system 14 c. The user controlled interface 15 c also allows executable files to be selectively downloaded from the public-side operating system 12 c to an external hard drive 18 c, where the executable files can be accessed by the private-side operating system 14 c only after the files have been scanned for viruses, opened, and sufficiently tested by the public-side operating system 12 c.

In this embodiment, the CCD chip feeds the video signal to the computer running the private-side operating system 14 c, where it is selectively displayed on the display screen of the computer running the private-side operating system 14 c. The security device 13 c in this example is a video scrambler that digitally distorts or decimates the video image to prevent viruses or other executable code from being transmitted across the bitmap-coupled interface 11 c in a manner that is imperceptible to a human operator viewing the camera feed on the display screen of the of the computer running the private-side operating system 14 c. For example, the video scrambler may randomly flip a small percentage of the bit-map pixels each frame, such as one or two percent, where the pixels selected for flipping changes randomly from frame to frame. Many other video scrambler techniques may be used so long as the result prevents viruses or other executable code from being transmitted across the bitmap-coupled interface in a manner that is imperceptible to a human operator viewing the video image at the computer running the private-side operating system.

In view of the foregoing, it will be appreciated that the present invention provides significant improvements in computer security. The foregoing relates only to the exemplary embodiments of the present invention, and that numerous changes may be made therein without departing from the spirit and scope of the invention as defined by the following claims. 

The invention claimed is:
 1. A computer system featuring a security interface and a user-controlled input interface, comprising: public-side operating system exposed to an interconnected network including the Internet; a private-side operating system isolated from the interconnected network except through the security interface with the public-side operating system; the security interface comprising a bitmap-coupled interface displaying an at least in part visible spectrum bit-map video image of the public-side operating system to the private-side operating system; wherein the security interface distorts or decimates the visible spectrum bit-map video image sufficiently to prevent active virus code from passing through the bitmap-coupled interface in a manner that is imperceptible to a human operator viewing the visible spectrum bit-map video image; and a wherein the user-controlled input interface selectively directs keyboard and mouse commands to the public-side operating system or the private-side operating system.
 2. The computer system of claim 1, wherein the public-side and private-side operating systems are deployed in separate enclosures.
 3. The computer system of claim 1, wherein the public-side and the private-side operating systems are deployed in a common enclosure.
 4. The computer system of claim 1, further comprising an external memory for storing computer files received by the public-side operating system and making them available to the private-side operating system after security screening.
 5. The computer system of claim 1, wherein the public-side operating system is deployed in a laptop computer, the private-side operating system is deployed in a different laptop computer, and the bitmap-coupled interface comprises a camera positioned to capture images of a display screen of the laptop computer running the public-side operating system.
 6. The computer system of claim 1, wherein the public-side operating system is deployed in a smartphone, the private-side operating system is deployed in a laptop computer, and the bitmap-coupled interface comprises a camera positioned to capture images of a display screen of the smartphone.
 7. The computer system of claim 6, wherein the camera is supported by a docking station supporting the smartphone.
 8. The computer system of claim 1, wherein the security interface comprises a video scrambler computer software component.
 9. The computer system of claim 1, wherein the security interface comprises an optical lens.
 10. The computer system of claim 1, further comprising a user-operated switch that selectively directs the keyboard and mouse commands to the public-side operating system or the private-side operating system.
 11. A non-transient computer storage medium storing computer-executable instructions for causing a computer system to implement a computer-controlled process, comprising: running a public-side operating system exposed to an interconnected network including the Internet; running a private-side operating system isolated from the interconnected network except through the security interface with the public-side operating system; displaying an at least in part visible spectrum bit-map video image of the public-side operating system to the private-side operating system; distorting or decimating the visible spectrum bit-map video image sufficiently to prevent active virus code from passing through the visible spectrum bit-map video image in a manner that is imperceptible to a human operator viewing the visible spectrum bit-map video image; and selectively directing keyboard and mouse commands to the public-side operating system or the private-side operating system.
 12. The computer storage medium of claim 11, wherein the public-side and private-side operating systems are deployed in separate enclosures.
 13. The computer storage medium of claim 11, wherein the public-side and the private-side operating systems are deployed in a common enclosure.
 14. The computer storage medium of claim 11, wherein the computer-controlled process further comprising receiving computer files received by the public-side operating system into an external memory and making them available to the private-side operating system after security.
 15. The computer storage medium of claim 11, wherein the computer-controlled process further comprising receiving the bit-map video image of the public-side operating system from a camera positioned to capture images of a display screen of a laptop computer running the public-side operating system.
 16. The computer storage medium of claim 11, wherein the computer-controlled process further comprising receiving the bit-map video image of the public-side operating system from a camera positioned to capture images of a display screen of a smartphone.
 17. The computer storage medium of claim 16, wherein the camera is supported by a docking station supporting the smartphone. 